Use verify_post_request in controllers instead of Rails filter
authorSimon Brandhof <simon.brandhof@gmail.com>
Fri, 24 May 2013 15:25:36 +0000 (17:25 +0200)
committerSimon Brandhof <simon.brandhof@gmail.com>
Fri, 24 May 2013 15:25:36 +0000 (17:25 +0200)
sonar-server/src/main/webapp/WEB-INF/app/controllers/action_plans_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/controllers/admin_dashboards_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/controllers/backup_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/controllers/bulk_deletion_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/controllers/dashboard_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/controllers/dashboards_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/controllers/manual_measures_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/controllers/manual_rules_controller.rb

index 7b93155ccaa77d93d1e26c0c5ed394ec0f532093..579e250b930b123750a806eecac0503fba051674 100644 (file)
@@ -22,7 +22,6 @@ class ActionPlansController < ApplicationController
 
   SECTION=Navigation::SECTION_RESOURCE
   before_filter :load_resource
-  verify :method => :post, :only => [:save, :delete, :change_status], :redirect_to => {:action => :index}
 
   def index
     load_action_plans()
@@ -35,6 +34,7 @@ class ActionPlansController < ApplicationController
   end
 
   def save
+    verify_post_request
     options = {'project' => @resource.key, 'name' => params[:name], 'description' => params[:description], 'deadLine' => params[:deadline]}
 
     exiting_action_plan = find_by_key(params[:plan_key]) unless params[:plan_key].blank?
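Review bot: The `verify_post_request` call at the top of `save` protects the action only if the helper raises or otherwise halts on a non-POST request; if it merely renders or redirects, the lines below it still run and a GET would still create or update the action plan. The helper is defined outside this diff, so this should be confirmed, and if it does raise, a short comment at the call such as `# raises on non-POST, nothing below runs` would make the contract visible. The removed `verify` declaration also sent non-POST requests back to `index`, so the response a client now gets is whatever the helper produces. The same applies to every other action that gains this call in this commit; `save` continues past the end of the hunk.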
@@ -55,11 +55,13 @@ class ActionPlansController < ApplicationController
   end
 
   def delete
+    verify_post_request
     Internal.issues.deleteActionPlan(params[:plan_key])
     redirect_to :action => 'index', :id => @resource.id
   end
 
   def change_status
+    verify_post_request
     action_plan = find_by_key(params[:plan_key])
     if action_plan
       if action_plan.status == 'OPEN'
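Review bot: `delete` passes `params[:plan_key]` straight to `Internal.issues.deleteActionPlan` with nothing visible that ties the plan to `@resource`, the object the redirect on the next line uses. Unless `deleteActionPlan` enforces that itself (not shown here), a user with rights on one resource could delete a plan that belongs to another by supplying its key. If `find_by_key` is scoped to the current resource, a guard such as `access_denied unless find_by_key(params[:plan_key])` before the call would tie the deletion to it. `change_status` continues outside the hunk.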
index 052679493372f7906bbd492dac590089b160f86a..61a2749feb997469c82d6663e9f90d831b7f432e 100644 (file)
@@ -21,7 +21,6 @@ class AdminDashboardsController < ApplicationController
 
   SECTION=Navigation::SECTION_CONFIGURATION
 
-  verify :method => :post, :only => [:up, :down, :remove, :add], :redirect_to => {:action => :index}
   before_filter :admin_required
   before_filter :load_default_dashboards
 
@@ -32,16 +31,19 @@ class AdminDashboardsController < ApplicationController
   end
 
   def down
+    verify_post_request
     position(+1)
     redirect_to :action => 'index'
   end
 
   def up
+    verify_post_request
     position(-1)
     redirect_to :action => 'index'
   end
 
   def add
+    verify_post_request
     dashboard=Dashboard.find(params[:id])
     if dashboard and dashboard.shared?
       last_index = @actives.max_by(&:order_index).order_index
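Review bot: In `add`, `@actives.max_by(&:order_index).order_index` raises NoMethodError when `@actives` is empty, because `max_by` returns nil on an empty collection. `remove` refuses to drop the last default, but nothing visible guarantees that `load_default_dashboards` found any; a form with a fallback, such as `last_index = @actives.map(&:order_index).max || 0`, avoids the nil. `Dashboard.find` normally raises for an unknown id rather than returning nil, so the `dashboard and` half of the condition likely never decides anything. `add` continues outside the hunk.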
@@ -54,6 +56,7 @@ class AdminDashboardsController < ApplicationController
   end
 
   def remove
+    verify_post_request
     if @actives.size<=1
       flash[:error]='At least one dashboard must be defined as default.'
     else
index cae0fc3ab26427eb658c1087c0e964db5392cc09..7d71472cfa223df638d738b7ab1fe1c7e6953a0a 100644 (file)
@@ -22,10 +22,8 @@ class BackupController < ApplicationController
   SECTION=Navigation::SECTION_CONFIGURATION
 
   before_filter :admin_required
-  verify :method => :post, :only => [:import], :redirect_to => { :action => :index }
 
   def index
-
   end
 
   def export
@@ -35,6 +33,7 @@ class BackupController < ApplicationController
   end
 
   def import
+    verify_post_request
     file=params[:file]
     xml=read_file(file)
     if xml && !xml.empty?
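Review bot: Requiring POST on `import` does not by itself stop cross-site request forgery, since a page on another origin can submit a multipart POST that carries the administrator's session cookie. Nothing in this diff shows an authenticity-token check (for example `protect_from_forgery` in `ApplicationController`), so it is worth confirming one is active for this action, which loads an uploaded XML backup. The same question applies to `delete_resources` in `BulkDeletionController`. `import` continues outside the hunk.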
index a2362c887b7c9483b2050bb78adbcac6fb718e72..21efff304187b92636b0dffa5478dc45de00060f 100644 (file)
@@ -22,7 +22,6 @@ class BulkDeletionController < ApplicationController
   SECTION=Navigation::SECTION_CONFIGURATION
 
   before_filter :admin_required
-  verify :method => :post, :only => [:delete_resources], :redirect_to => { :action => :index }
 
   def index
     if pending_mass_deletion?
@@ -79,6 +78,7 @@ class BulkDeletionController < ApplicationController
   end
   
   def delete_resources
+    verify_post_request
     resource_to_delete = params[:resources] || []
     resource_to_delete = params[:all_resources].split(',') if params[:all_resources] && !params[:all_resources].blank?
     
index 0dae16e03845b7de2ff7892d8de7623cf788a096..8e9232a1e39669001089240334b985fdede3c0ee 100644 (file)
@@ -21,7 +21,6 @@ class DashboardController < ApplicationController
 
   SECTION=Navigation::SECTION_RESOURCE
 
-  verify :method => :post, :only => [:set_layout, :add_widget, :set_dashboard, :save_widget], :redirect_to => {:action => :index}
   before_filter :login_required, :except => [:index]
 
   def index
@@ -48,6 +47,7 @@ class DashboardController < ApplicationController
   end
 
   def set_layout
+    verify_post_request
     dashboard=Dashboard.find(params[:did])
     if dashboard.editable_by?(current_user)
       dashboard.column_layout=params[:layout]
@@ -62,6 +62,7 @@ class DashboardController < ApplicationController
   end
 
   def set_dashboard
+    verify_post_request
     load_dashboard()
 
     dashboardstate=params[:dashboardstate]
@@ -87,6 +88,7 @@ class DashboardController < ApplicationController
   end
 
   def add_widget
+    verify_post_request
     dashboard=Dashboard.find(params[:did])
     widget_id=nil
     if dashboard.editable_by?(current_user)
@@ -109,6 +111,7 @@ class DashboardController < ApplicationController
   end
 
   def save_widget
+    verify_post_request
     widget=Widget.find(params[:wid])
     #TODO check owner of dashboard
     Widget.transaction do
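Review bot: `save_widget` loads the widget with `Widget.find(params[:wid])` and, as the `#TODO check owner of dashboard` comment admits, does not check that the caller may edit the dashboard it belongs to, while `set_layout` and `add_widget` in the same controller guard with `dashboard.editable_by?(current_user)`. The POST check added here does not cover that, so any logged-in user who supplies another user's widget id appears able to reach the transaction. A guard before it, e.g. `access_denied unless widget.dashboard.editable_by?(current_user)`, would close the gap, assuming `Widget` exposes its dashboard. The method continues outside the hunk.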
index 6748a292c5c553051ffb188aa7a5959166a076b7..52474be0159498644241244f8e5a71d824fa6033 100644 (file)
@@ -21,7 +21,6 @@ class DashboardsController < ApplicationController
 
   SECTION=Navigation::SECTION_RESOURCE
 
-  verify :method => :post, :only => [:create, :update, :delete, :up, :down, :follow, :unfollow], :redirect_to => {:action => :index}
   before_filter :login_required
 
   def index
@@ -47,6 +46,7 @@ class DashboardsController < ApplicationController
   end
 
   def create
+    verify_post_request
     @dashboard=Dashboard.new()
     @dashboard.user_id=current_user.id
     load_dashboard_from_params(@dashboard)
@@ -79,6 +79,7 @@ class DashboardsController < ApplicationController
   end
 
   def update
+    verify_post_request
     dashboard=Dashboard.find(params[:id])
     if dashboard.editable_by?(current_user)
       load_dashboard_from_params(dashboard)
@@ -92,6 +93,7 @@ class DashboardsController < ApplicationController
   end
 
   def delete
+    verify_post_request
     dashboard=Dashboard.find(params[:id])
 
     access_denied unless dashboard.editable_by?(current_user)
@@ -106,14 +108,17 @@ class DashboardsController < ApplicationController
   end
 
   def down
+    verify_post_request
     position(+1)
   end
 
   def up
+    verify_post_request
     position(-1)
   end
 
   def follow
+    verify_post_request
     dashboard=Dashboard.find(params[:id])
 
     add_default_dashboards_if_first_user_dashboard(dashboard.global?)
@@ -129,6 +134,7 @@ class DashboardsController < ApplicationController
   end
 
   def unfollow
+    verify_post_request
     dashboard=Dashboard.find(params[:id])
 
     add_default_dashboards_if_first_user_dashboard(dashboard.global?)
index ab5fd5abfd03dff3d2728694784d003d1c8e6115..3408c4aa8e925fcfd61e9bbe8775c97e4ce20cfc 100644 (file)
@@ -21,7 +21,6 @@ class ManualMeasuresController < ApplicationController
 
   SECTION=Navigation::SECTION_RESOURCE
   before_filter :init_resource_for_admin_role
-  verify :method => :post, :only => [:save, :delete], :redirect_to => {:action => :index}
   helper MetricsHelper
   
   def index
@@ -39,6 +38,7 @@ class ManualMeasuresController < ApplicationController
   end
 
   def save
+    verify_post_request
     @metric=Metric.by_key(params[:metric])
     @measure=ManualMeasure.find(:first, :conditions => ['resource_id=? and metric_id=?', @resource.id, @metric.id])
     if @measure.nil?
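Review bot: In `save`, `@metric.id` is dereferenced right after `Metric.by_key(params[:metric])`, so an unknown or missing `metric` parameter ends in NoMethodError if `by_key` returns nil for it (its definition is not in this diff). `delete` in the next hunk does the same with `metric.id`. A guard such as `return redirect_to(:action => 'index', :id => params[:id]) unless @metric` would turn that into a normal response. `save` continues outside the hunk.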
@@ -60,6 +60,7 @@ class ManualMeasuresController < ApplicationController
   end
 
   def delete
+    verify_post_request
     metric=Metric.by_key(params[:metric])
     ManualMeasure.destroy_all(['resource_id=? and metric_id=?', @resource.id, metric.id])
     redirect_to :action => 'index', :id => params[:id], :metric => params[:metric]
index c818adb06c2c63ad51287ca11b90509128cb68e8..1a009ae313c754cd7ff3686371c0b579cc8264f3 100644 (file)
@@ -20,7 +20,6 @@
 class ManualRulesController < ApplicationController
 
   before_filter :admin_required
-  verify :method => :post, :only => [:create], :redirect_to => {:action => :index}
   verify :method => :delete, :only => [:delete], :redirect_to => {:action => :index}
 
   SECTION=Navigation::SECTION_CONFIGURATION
@@ -39,6 +38,7 @@ class ManualRulesController < ApplicationController
   end
 
   def create
+    verify_post_request
     access_denied unless is_admin?
     begin
       if params[:id].to_i>0
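Review bot: `create` now checks the method inline, but the class still declares `verify :method => :delete, :only => [:delete], ...` on the line after the removed one, so this controller ends up with both mechanisms. If the Rails filter is being retired, `delete` needs an equivalent inline check; if it is kept on purpose, a comment on that line saying why would help. `access_denied unless is_admin?` also repeats what `before_filter :admin_required` presumably enforces already. `create` continues outside the hunk.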